3 matches found
autocode (>=1.0.0 <=1.3.1), autocode-cli (>=0.20.0 <=0.22.0) +5 more potentially affected by CVE-2018-25074 via skeemas (=1.1.6)
skeemas NPM version =1.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on skeemas and may be impacted: - autocode =1.0.0, =0.20.0, =0.19.0, =0.3.2, =1.0.0, =0.1.0, =0.5.1 Source cves: CVE-2018-25074 Source advisory: OSV:GHSA-QV66-F876-VJVR...
CVE-2018-25074 Prestaul skeemas base.js redos
A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The patch is named...
CVE-2018-25074
Prestaul skeemas is affected by a Regular Expression Denial of Service (ReDoS) due to inefficient regex handling in validators/base.js when processing the uri argument. Root cause is an under-optimized manipulation of the uri that increases regex complexity. A patch, named 65e94eda62dc8dc148ab3e5...